darkcomet | dbe85720f3a1114ab01f715edc05e4a1a6865136667c0d3abeb2a80b75f8ec47 | Triage

Sharing

General

Target

dbe85720f3a1114ab01f715edc05e4a1a6865136667c0d3abeb2a80b75f8ec47
Size

252KB
Sample

201110-dger6l8fna
MD5

0e18f4acc82d93682e9bd929f0c9814b
SHA1

c5a2013b355def5e444c7c6a942432cdb3b05b9d
SHA256

dbe85720f3a1114ab01f715edc05e4a1a6865136667c0d3abeb2a80b75f8ec47
SHA512

b0250e009b6a798d569f08036aaa721a03a81c3716a77885052a78658e39837ba7aad174e09ffbfda8599ef2f9146ab3667c9440ef82cb3538c9b849b21788eb

Score

10^/10

darkcomet persistence rat trojan upx

Malware Config

Targets

- Target
  
  dbe85720f3a1114ab01f715edc05e4a1a6865136667c0d3abeb2a80b75f8ec47
- Size
  
  252KB
- MD5
  
  0e18f4acc82d93682e9bd929f0c9814b
- SHA1
  
  c5a2013b355def5e444c7c6a942432cdb3b05b9d
- SHA256
  
  dbe85720f3a1114ab01f715edc05e4a1a6865136667c0d3abeb2a80b75f8ec47
- SHA512
  
  b0250e009b6a798d569f08036aaa721a03a81c3716a77885052a78658e39837ba7aad174e09ffbfda8599ef2f9146ab3667c9440ef82cb3538c9b849b21788eb
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometpersistencerattrojan